Lists (31)
AI
AI-MCP
app
Burp plugins
bypassAV
CS plugins
FOFA
javasec
javastudy
secMCP
POC&EXP
proxy
scan
Asset scanning secnote
skills
tools
ui
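Cloud penetration testing
Code auditing
Forensics
Post-exploitation tools
Domain
Learning materials
Android
Incident response
Privilege escalation
Interesting projects
Persistence
Censorship circumvention
Decryption
Phishing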
Stars
A little tool to play with Windows security
Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
Own your AI. The native macOS harness for AI agents -- any model, persistent memory, autonomous execution, cryptographic identity. Built in Swift. Fully offline. Open source.
Kyanos is a networking analysis tool using eBPF. It can visualize the time packets spend in the kernel and capture requests/responses, making troubleshooting more efficient.
Dopamine is a semi-untethered jailbreak for iOS 15 and 16
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9…
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes, etc.
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
Situational Awareness commands implemented using Beacon Object Files
Stealthy Linux Kernel Rootkit for modern kernels (6x)
Macro-header for compile-time C obfuscation (tcc, win x86/x64)
LSASS memory dumper using direct system calls and API unhooking.
Bypass Chromium's App-Bound Encryption via Direct Syscall-based Reflective Process Hollowing. Extract cookies, passwords, payment methods & tokens from Chrome, Edge, Brave & Avast - fileless, user-…
Dump cookies and credentials directly from Chrome/Edge process memory
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Research code & papers from members of vx-underground.
A memory-based evasion technique which makes shellcode invisible from process start to end.
A root exploit for CVE-2022-0847 (Dirty Pipe)
A protective and Low Level Shellcode Loader that defeats modern EDR systems.
A collection of my Semgrep rules to facilitate vulnerability research.